Passwords-Workers Say They Will Hand Them Over For Next To Nothing

A cyberattack could cost an organization millions, but an employee within your company might be willing to give an outsider access to sensitive information via their login credentials for under £200. According to a report examining insider threats by Forcepoint, 14 percent of European employees claimed they would sell their work login credentials to an outsider for £200. And the researchers found that, of those who'd sell their credentials to an outsider, nearly half would do it for less.

This shocking report recently issued by Forcepoint, a security firm which specializes in working with employee motivations and behaviors, has detailed that a surprisingly high number of European employees would be willing to sell their login credentials to someone for as little as €200. The study focused on employees in the UK, France, Germany, and Italy, and results showed that a great many employees at the companies polled were not aware of the consequences of what such an action might bring to their employers.

The Threat

The Forcepoint statistics reveal that many of those employees surveyed don't understand the potential ramifications to their company if a data breach should occur, and many did not believe that a data breach would cost the company financially at all. However, security experts and most company managers are well aware that the cost to companies who suffer any kind of data breach could potentially reach into the millions of dollars.

When you factor in the cost of possibly paying a ransom, repairing the security breach, loss of revenue because of downtime, and loss of customer base because of damage done to the company reputation, the total price tag can be enormous. In fact, the ultimate consequence of a particularly costly data breach might force a company out of business entirely. From this it can be seen that the 'insider threat' is something no company can afford to ignore, and because of the statistical prevalence of such occurrences, they really need to be paid much greater attention than ever before.

Statistics

The actual percentage of employees who were unsure about the impact of a breach to their company amounted to 32%, and at least 22% had no idea that there would be any financial cost whatsoever to their companies. This kind of unawareness accounts for the fact that so many were willing to sell their credentials to an outsider so cheaply, and it probably also accounts for some of the statistically high number of breaches in government, healthcare, finance, retail, and education industries for 2016.

What To Do

One of the most significant steps which can be taken to avoid the threat of a company insider facilitating a data breach, is to conduct a vigorous program of employee education. One part of this education should stress to employees that there is a strong connection between corporate accounts and employee accounts, and both need to be carefully managed.

For starters, that means using different passwords between the two, despite employee complaints of having to remember too many passwords in order to do their job. Another part of employee education is stressing the awareness factor, and making sure that they understand the severe consequences which might arise from giving out company information which should be secure.

Everyone in the corporation needs to be held accountable for the secure information they are entrusted with, and they need to realize that their fates are tied to the company's fate, meaning that severe damage to the company will have repercussions for employees as well.

Contact The Experts

If you need help with employee education or any other aspect of security at your workplace, contact one of our experts for FREE consultation with your team. Criminal-minded hackers don't rest, and that means your efforts to keep secure must be ever-vigilant as well. Let us help you close up any vulnerabilities lurking in your network, or around your workplace. Download our FREE Special report and learn more how to protect yourself and data assets.